
add back-end implementation for SSO JIT provisioning

Open roperzh opened this issue 3 years ago • 1 comments

Related to #7053, this uses the SSO config added in https://github.com/fleetdm/fleet/pull/7140 to enable JIT provisioning for premium instances.

A few notes:

  1. Documentation and changelog will be added in the UI PR.
  2. I changed the integration tests for SSO to use an actual SSO server instead of a hardcoded response, and added tests for the whole login flow (instead of just the config endpoint). If we think this is not a good idea, I can revert.
  3. I couldn't find a standard for users' full names in SSO callback responses, so I collected the most commonly used attribute names and we check for any of them to be present. Documentation for this will also be included in the UI PR.

https://user-images.githubusercontent.com/4419992/184360072-115fe21c-6fed-4150-bb99-4991c3143e53.mov

Checklist for submitter

If some of the following don't apply, delete the relevant line.

  • [x] Ensured that input data is properly validated, SQL injection is prevented (using placeholders for values in statements)
  • [x] Added/updated tests
  • [x] Manual QA for all new/changed functionality

roperzh avatar Aug 12 '22 13:08 roperzh

Codecov Report

Merging #7182 (8441818) into main (acf6018) will increase coverage by 0.13%. The diff coverage is 79.38%.

@@            Coverage Diff             @@
##             main    #7182      +/-   ##
==========================================
+ Coverage   60.12%   60.26%   +0.13%     
==========================================
  Files         408      408              
  Lines       38553    38635      +82     
==========================================
+ Hits        23180    23283     +103     
+ Misses      13116    13085      -31     
- Partials     2257     2267      +10     
Impacted Files Coverage Δ
pkg/fleethttp/fleethttp.go 82.00% <0.00%> (-13.35%) :arrow_down:
server/fleet/activities.go 0.00% <ø> (ø)
server/fleet/sessions.go 0.00% <ø> (ø)
server/service/metrics_sessions.go 0.00% <0.00%> (ø)
server/service/service_users.go 34.48% <50.00%> (ø)
server/service/sessions.go 73.43% <68.00%> (+6.92%) :arrow_up:
server/service/testing_client.go 96.27% <94.11%> (-1.00%) :arrow_down:
server/service/users.go 68.52% <100.00%> (+0.49%) :arrow_up:
server/sso/authorization_response.go 76.00% <100.00%> (+10.14%) :arrow_up:
... and 2 more


codecov-commenter avatar Aug 12 '22 16:08 codecov-commenter

Sorry for the late change! I pushed one last commit to validate emails 590fb44

roperzh avatar Aug 15 '22 14:08 roperzh
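
An added example, not code from this PR or from Fleet: a sketch of the two checks discussed in the thread, picking a full name from whichever well-known attribute the IdP sends and validating the email before an account is created. The attribute list, the `Attribute` type and `fullNameFor` are assumptions made for illustration; the thread does not list the names Fleet checks.

```go
package main

import (
	"fmt"
	"net/mail"
	"strings"
)

// Assumed candidate attribute names (lower-cased); the PR does not list the
// ones Fleet checks, so this set is illustrative only.
var fullNameAttrs = map[string]bool{
	"name": true, "displayname": true, "cn": true, "urn:oid:2.5.4.3": true,
	"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name": true,
}

// Attribute is a simplified SSO assertion attribute (hypothetical type).
type Attribute struct {
	Name   string
	Values []string
}

// fullNameFor rejects anything that is not a bare email address, then returns
// the first non-empty value of a known full-name attribute. If the IdP sends
// none, it falls back to the email so the new account still has a name.
func fullNameFor(email string, attrs []Attribute) (string, error) {
	addr, err := mail.ParseAddress(email)
	// ParseAddress also accepts "Name <addr>" and padded input; require an
	// exact round trip so only the plain address is stored.
	if err != nil || addr.Address != email {
		return "", fmt.Errorf("%q is not a valid bare email address", email)
	}
	for _, a := range attrs {
		if !fullNameAttrs[strings.ToLower(a.Name)] {
			continue
		}
		for _, v := range a.Values {
			if v = strings.TrimSpace(v); v != "" {
				return v, nil
			}
		}
	}
	return email, nil
}

func main() {
	// Constructed sample attributes, shaped like what an IdP might send.
	attrs := []Attribute{{Name: "displayName", Values: []string{" Ada Lovelace "}}}
	fmt.Println(fullNameFor("ada@example.com", attrs))
}
```

Because JIT provisioning writes IdP-supplied values into a new user record, both checks belong before the insert rather than after it.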